x509/x509name.c: fix potential crash in X509_NAME_get_text_by_OBJ. (28ad7318) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/x509/x509name.c

+5 −3

Original line number	Original line	Diff line number	Diff line
	@@ -26,8 +26,8 @@ int X509_NAME_get_text_by_NID(X509_NAME name, int nid, char buf, int len)
	return X509_NAME_get_text_by_OBJ(name, obj, buf, len);		return X509_NAME_get_text_by_OBJ(name, obj, buf, len);
	}		}

	int X509_NAME_get_text_by_OBJ(X509_NAME name, const ASN1_OBJECT obj, char *buf,		int X509_NAME_get_text_by_OBJ(X509_NAME name, const ASN1_OBJECT obj,
	int len)		char *buf, int len)
	{		{
	int i;		int i;
	const ASN1_STRING *data;		const ASN1_STRING *data;
	@@ -36,9 +36,11 @@ int X509_NAME_get_text_by_OBJ(X509_NAME name, const ASN1_OBJECT obj, char *buf
	if (i < 0)		if (i < 0)
	return -1;		return -1;
	data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));		data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
	i = (data->length > (len - 1)) ? (len - 1) : data->length;
	if (buf == NULL)		if (buf == NULL)
	return data->length;		return data->length;
			if (len <= 0)
			return 0;
			i = (data->length > (len - 1)) ? (len - 1) : data->length;
	memcpy(buf, data->data, i);		memcpy(buf, data->data, i);
	buf[i] = '\0';		buf[i] = '\0';
	return i;		return i;